IPv6 Loopback/Point-to-Point address allocation

• Previous message (by thread): IPv6 Loopback/Point-to-Point address allocation
• Next message (by thread): IPv6 Loopback/Point-to-Point address allocation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2017-09-10 00:09, Baldur Norddahl wrote:

> You want to configure point to point interfaces as /127 or /126 even if you
> allocate a full /64 for the link. This prevents an NDP exhaustion attack
> with no downside.

An alternative is to just have link-local addresses on your point-to-
point links.  At least on your internal links where you run your IGP.
On external links, where you run eBGP or static routes, it's probably
more trouble than it is worth, though, since link-local addresses can
change if you replace the hardware, requiring a config change on the
other end.  (Also, I'm not sure all BGP implementations support using
link-local addresses.)


	/Bellman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170910/d4ce438a/attachment.sig>

• Previous message (by thread): IPv6 Loopback/Point-to-Point address allocation
• Next message (by thread): IPv6 Loopback/Point-to-Point address allocation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]